So far so good. I can upload files and everything is locked down for the most part, except the user can still mkdir, rmdir, and change file permissions which I do not want to allow for security reasons. I've been trying to get blacklist working like

ForceCommand internal-sftp -P mkdir,rmdir

However it appears that while those whitelist/blacklist parameters are available on OpenBSD, the version of sftp-server on Centos only allows for logging and file mask options

Short of trying to compile the BSD version's source code, is there any other way? Something with ACL restrictions to allow files only, no folders, symlinks etc? Ban changing file permissions?

If there was a way to have the users uploaded files be created as root:sftp_only 664 then at least they could modify/delete their own files via group write but not change permissions to since they don't own them.